1. Field of Invention
The invention relates generally to message transaction systems, and more particularly to the secure creation of local queues within such systems.
2. Background and Relevant Art
When organizations need to have large-scale computer systems that hold mission critical information, such as purchase orders, financial information, etc., they usually resort to message transaction systems. Message transaction systems ensure that data is not lost if the system crashes, and also that data is not duplicated—for example, by ensuring that two copies of the same purchase order are not processed. A transaction is an activity or a request, such as an order, a purchase, a change, or an addition to a database of information. Transactions usually update one or more files on non-volatile storage such as a hard disk drive, and thus can serve as both an audit trail and a history for future analyses. A transaction can include one or more messages. A transaction is considered committed when all the messages of the transaction have been received and processed. The messages of a transaction are received at a client at one or more queues of the client.
Frequently, the operating systems in conjunction with which message transaction systems are implemented have security that is user-based. This means that a given user, if he or she has permission to create queues, for example, is able to create queues regardless of the client onto which the user is actually logged. Generally, in such systems, users have default permission to create queues, since the ability for users to create queues on at least their local machines is necessary for applications within the message transaction systems to run properly.
However, this situation can lead to compromised security. Because the security is user-based, and by default the user is able to create queues on any client, a malicious user can swamp a given client by requesting that too many queues be created on the client—thus denying service for legitimate users. The security is thus not local- or local machine-based: because of the underlying operating system on which the message transaction system is running, within the prior art, a given user cannot be limited to creating queues only on the specific client the user is logged onto. Once the user is given permission to create queues, due to the user-based security, the user is able to create queues on any client. For this and other reasons, there is a need for the present invention.